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(54) Dynamic smart card management 

(57) A method for securing a portable security mod- 
ule for use with a decoding element, the portable secu- 
rity module and the decoding element allowing to de- 
scramble scrambled audiovisual information. The meth- 



od comprises analyzing at the portable security module 
a sequence of command messages, the command mes- 
sages of the sequence being received at the portable 
security module at distinct times. 
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Description 

Background of invention 

Field of the Invention 5 

[0001] The invention relates generally to portable se- 
curity modules adapted to descramble scrambled audi- 
ovisual information. 

10 

Background Art 

[0002] Transmission of encrypted data is well-known 
in the field of pay TV systems, where scrambled audio- 
visual information is usually broadcast by terrestrial '5 
emitters, satellite or through a cable network to a 
number of subscribers, each subscriber possessing a 
decoder or receiver/decoder capable of descrambling 
the scrambled audiovisual information for subsequent 
viewing. 20 
[0003] In a typical system, the scrambled audiovisual 
information may be descrambied using a control word. 
In order to try to improve the security of the system, the 
control word is usually changed every ten seconds or 
so. Every 10 seconds, each subscriber receives, in an 25 
ECM (Entitlement Control Message), the control word 
necessary to descramble the scrambled audiovisual in- 
formation so as to permit viewing of the transmission. 
[0004] The control word itself is encrypted by an ex- 
ploitation key and transmitted in encrypted form in the 30 
ECM. The scrambled audiovisual information and the 
encrypted control word are received by a decoder, which 
in the case of a paid-up subscriber, has access to the 
exploitation key stored on a portable security module, 
e.g., a smart card, inserted in the decoder. The encrypt- 35 
ed control word is decrypted using the exploitation key 
by the smarteard. The smartcard transmits the control 
word to the decoder. The scrambled audiovisual infor- 
mation is descrambied using the decrypted control word 
by the decoder. The decoder is indeed powerful enough 40 
to provide a real-time descrambling of the scrambled au- 
diovisual information. 

[0005] The exploitation key is itself periodically 
changed, e.g. every month or so. An EMM (Entitlement 
Management Message) is monthly received by the de- 45 
coder and is transmitted in the smartcard. The EMM 
contains the exploitation key in an encoded form. A 
group key assigned to the smartcard enables to decode 
the encoded exploitation key. 

[0006] The decoder hence regularly sends command so 
messages to the smartcard. 

[0007] The command message may be an ECM, i.e. 
the decoder transmits to the smartcard a control word 
In an encrypted form. The smartcard decrypts the con- 
trol word using the exploitation key. The transmitting of ss 
the control word typically occurs every 10 seconds. 
[0008] If a viewer person zaps from a first channel to 
a second channel, the decoder transmits to the smart- 
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card a second control word in an encrypted form after a 
transmitting of a first control word in an encrypted form. 
The first control word and the second control word re- 
spectively correspond to the first channel and to the sec- 
ond channel. The smartcard may hence receive Entitle- 
ment Control Messages more frequently than every 10 
seconds due to the zapping of channels. 
[0009] The command message may also be an EMM, 
i.e. the decoder transmits to the smartcard an exploita- 
tion key in an encoded form, or any other command 
message from the decoder. 

[001 0] FIG . 1 schematically illustrates a smartcard ac- 
cording to prior art. The smartcard 11 is activated by a 
receiving of a message, e.g. an Entitlement Control 
Message ECM n from a decoder (not represented) : the 
decoder acts as a master and the smartcard 1 1 as a 
slave. A processing unit 12 of the smartcard only exe- 
cutes the command messages received from the decod- 
er. The smartcard 11 comprises a parameters memory, 
e.g. an EEPROM 13, into which parameters are stored. 
The processing unit 1 2 may check that the parameters 
stored into the EEPROM 1 3 are correct. The parameters 
may be for example a size of the Entitlement Control 
Messages to be received. The processing unit may 
check that the received Entitlement Control Message 
ECM n has a proper size before decrypting an encrypted 
control word contained in the received Entitlement Con- 
trol Message ECM n . 

[0011] A smartcard is generally intended to commu- 
nicate with a single decoder. However, a fraudulous user 
may attempt to set up a server between a single smart- 
card and a plurality of decoders. The server may be a 
splitter that communicates with the plurality of decoders 
directly, e.g. via an electrical wire. The server may also 
be a Control Word server that communicates with the 
plurality of decoders via a network, e.g. an Internet net- 
work. 

[0012] FIG. 2 schematically illustrates an example of 
a splitter configuration according to prior art. 
[0013] A first decoder 24A continuously receives a 
first scrambled audiovisual information E^^m^ corre- 
sponding to a first channel. A second decoder 24B con- 
tinuously receives a second scrambled audiovisual in- 
formation Ecv^Or^) corresponding to a second chan- 
nel. The first decoder 24A and the second decoder 24B 
respectively allow to provide a real-time descrambling 
of the first scrambled audiovisual Information E^^t 
and of the second scrambled audiovisual Information 
Ecw2( m 2)- 

[0014] The first scrambled audiovisual information 
E cwi{ m i) and lne second scrambled audiovisual infor- 
mation E CW2 (m2) are respectively descrambied using a 
first control word CW1 stored in a first memory 25A of 
the first decoder 24A and a second control word CW2 
stored in a second memory 25B of the second decoder 
24B. 

[0015] At each cryptoperiod, i.e. every 10 seconds for 
example, the first decoder 24A and the second decoder 
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24B respectively receive a first Entitlement Control Mes- 
sage ECM1 and a second Entitlement Control Message 
ECM2. 

[0016] In a splitter configuration , the first decoder 24A 
and the second decoder 24B respectively transmit the $ 
first Entitlement Control Message ECM1 and the second 
Entitlement Control Message ECM2 to a single server 
e.g. a splitter 22 during a single cryptoperiod. 
[001 7] The splitter 22 forwards one of the transmitted 
Entitlement Control Messages, e.g. ECM1, to a single 
portable security module, e.g. a smartcard 21 . Using an 
exploitation key stored into a smartcard memory 26. the 
smartcard decrypts the corresponding control word, e. 
g. CW1 , upon receiving of the forwarded Entitlement 
Control Message (ECM1). The corresponding control 
word CW1 is transmitted to the splitter 22. Once the 
splitter 22 receives the transmitted control word CW1 , 
the splitter 22 forwards a distinct entitlement control 
message among the transmitted Entitlement Control 
Messages, e.g. ECM2, to the smartcard 21 . The smart- 
card decrypts the corresponding control word, e.g. 
CW2, upon receiving of the forwarded Entitlement Con- 
trol Message (ECM2). The corresponding control word 
CW2 is transmitted to the splitter 22. 
[001 8] The splitter 22 forwards the decrypted control 
words CW1 and CW2 respectively to the first decoder 
24A and to the second decoder 24B. 
[001 9] The server allows a plurality of decoders to de- 
scramble scrambled audiovisual information with a sin- 
gle smartcard. 

Summary of Invention 

[0020] In a first aspect, the invention provides a meth- 
od for securing a portable security module for use with 
a decoding element. The portable security module and 
the decoding element allow to descramble scrambled 
audiovisual information. The method comprises analyz- 
ing at the portable security module a sequence of com- 
mand messages. The command messages of the se- 
quence are received at the portable security module at 
distinct times. 

[0021] In a first preferred embodiment, the analyzing 
is performed at each receiving of a new command mes- 
sage. The sequence of command messages comprises 
the new command message and a previous command 
message received at a previous time. 
[0022] In a second preferred embodiment, an error 
register is incremented at each analyzing upon a deter- 
mined result of the analyzing. A penalty is applied to the 
portable security module depending on a value of the 
error register. 

[0023] In a third preferred embodiment, the portable 
security module processes Entitlement Control Mes- 
sages received at the portable security module to allow 
the descrambling of the scrambled audiovisual informa- 
tion. The applying a penalty comprises Introducing a 
dead time at each processing so as to slow down the 



processing. 

[0024] In a fourth preferred embodiment, the dead 
time has a duration that depends on a value of the error 
register. 

[0025] In a fifth preferred embodiment, the duration of 
the dead time is shorter than a maximum time value. 
The maximum time value is high enough to prevent the 
portable security module from processing more than 
one Entitlement Control Message during a single cryp- 
toperiod. 

[0026] In a sixth preferred embodiment, the command 
messages are Entitlement Control Messages. 
[0027] In a seventh preferred embodiment, each En- 
titlement Control Message comprises a channel identi- 
fier. The channel identifier is associated to a determined 
channel. The analyzing of the sequence of command 
messages comprises comparing the channel identifier 
of the new command message and the channel identi- 
fier of the previous command message. 
[0028] In an eight preferred embodiment, each Enti- 
tlement Control Message comprises a first encrypted 
Control Word and a second encrypted Control Word. 
The first Control Word allows to descramble the scram- 
bled audiovisual Information during a first cryptoperiod 
and the second Control Word allows to descramble the 
scrambled audiovisual information during a second 
cryptoperiod distinct from the first cryptoperiod. The an- 
alyzing of the sequence of command messages com- 
prises comparing a second Control Word of the previous 
Entitlement Control Message to a first Control Word of 
the new Entitlement Control Message. 
[0029] In a ninth preferred embodiment, the com- 
mand messages are Entitlement Management Messag- 
es. 

[0030] In a tenth preferred embodiment, the analyzing 
of the sequence of command messages comprises 
comparing a determined content of a first command 
message of the sequence of command messages to a 
second determined content of a second command mes- 
sage of the sequence of command messages. 
[0031] In an eleventh preferred embodiment, a reset 
dead time is introduced upon a reset at each processing 
of the Entitlement Control Messages. The reset dead 
time has a duration that depends on a number of Enti- 
tlement Control Messages received at the portable se- 
curity module after the reset. The duration is equal to a 
first reset time value at a first processing immediately 
following the reset. The first reset time value is smaller 
than the maximum time value. 
[0032] In a twelfth preferred embodiment, a nature of 
a further reset Is evaluated according to an intermediate 
group of intermediate command messages. The inter- 
mediate group comprises the command messages re- 
ceived after a previous reset preceding the further reset. 
[0033] In a thirteenth preferred embodiment, a 
number of the intermediate command messages is 
counted. The number of the intermediate command 
messages Is compared to a reset threshold number. A 
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result of the comparing allows to evaluate the nature of 
the further reset. A reset error register is Incremented 
upon the further reset if the further reset Is evaluated as 
suspicious. The portable security module is blocked if 
the reset error register has a value that is higher than a 5 
reset errors threshold. 

[0034] In a fourteenth preferred embodiment, the 
portable security module is a smartcard and the decod- 
ing element is a decoder. 

[0035] In a second aspect the invention provides a 
portable security module for use with a decoding ele- 
ment. The portable security module and the decoding 
element allow to descramble scrambled audiovisual in- 
formation. The portable security module comprises re- 
ceiving means to receive messages and analyzing 
means to analyze a sequence of command messages. 
The command messages of the sequence are received 
at the portable security module at distinct times. 
[0036] In a fifteenth preferred embodiment, the port- 
able security module further comprises a command 
message memory into which a previous command mes- 
sage received at a previous time may be stored. The 
analyzing is performed at each receiving of a new com- 
mand message. The sequence of command messages 
comprises the new command message and the previ- 
ous command message. 

[0037] In a sixteenth preferred embodiment, the port- 
able security module further comprises comparing 
means to compare the new command message and the 
previous command message of the sequence of com- 
mand messages. The portable security module also 
comprises an error register and incrementing means to 
increment the error register depending on a result of the 
comparing. Processing means of the portable security 
module allow to process an Entitlement Control Mes- 
sage received at the portable security module so as to 
allow the descrambling of the scrambled audiovisual in- 
formation. Delaying means allow to introduce a dead 
time at each processing so as to slow down the process- 
ing. 

[0038] In a seventeenth preferred embodiment, the 
delaying means also allow upon a reset to introduce a 
reset dead time at each processing following the reset. 
The reset dead time has a duration that depends on a 
number of processing following the reset. The duration 
is equal to a first reset time value at a first processing 
immediately following the reset. 
[0039] In an eighteenth preferred embodiment, the 
portable security module further comprises a count reg- 
ister allowing to store a number of intermediate com- 
mand messages. The intermediate command messag- 
es are received at the portable security module after a 
previous reset. The portable security module further 
comprises a flag. The flag has a value that depends on 
a result of a comparing of the count register to a reset 
threshold number. A reset error register is incremented 
depending on the value of the flag upon a further reset. 
Blocking means allow to block the portable security 



module according to a value of the reset error register. 
[0040] In a third aspect, the invention provides a soft- 
ware for use within a portable security module. The soft- 
ware allows to implement the method of the first aspect 
of the present invention. 

[0041] in a fourth aspect, the invention provides a 
method for securing a portable security module. The 
method comprises downloading a software according to 
the third aspect of the present invention at manufactur- 
ing. 

[0042] In a fifth aspect, the invention provides a meth- 
od for securing a portable security module. The method 
comprises downloading a software according to the 
third aspect of the present invention. The downloading 
comprises receiving at the portable security module at 
least one configuration message from the decoding el- 
ement. 

[0043] Other aspects and advantages of the Invention 
will be apparent from the following description and the 
appended claims. 

Brief Description of Drawings 

[0044] FIG. 1 schematically illustrates an example of 
a smartcard according to prior art. 
[0045] FIG. 2 schematically illustrates an example of 
a splitter configuration according to prior art. 
[0046] FIG. 3 illustrates an example of a portable se- 
curity module according to the present invention. 
[0047] FIG. 4 illustrates an example of an algorithm 
to be executed by a smartcard according to the present 
invention. 

[0048] FIG. 5A and FIG. 5B illustrate an example of a 
sequence of command messages received by a porta- 
ble security module according to the present invention, 
[0049] FIG. 6A illustrates a possible sequence of val- 
ues of an error register in a portable security module 
according to the present invention. 
[0050] FIG. 6B illustrates a possible sequence of val- 
ues of a duration of a dead time In a portable security 
module according to the present invention. 
[0051] FIG. 6C illustrates an example of a sequence 
of values of a duration of a dead time of a portable se- 
curity module according to the present invention. 
[0052] FIG. 7 illustrates an example of an algorithm 
to be implemented in a portable security module accord- 
ing to the present Invention. 

Detailed Description 

[0053] A paid-up subscriber possesses a single port- 
able security module, e.g. a smartcard. A server, e.g. a 
splitter or a Control Word server, allows a plurality of de- 
coders to descramble scrambled audiovisual informa- 
tion with a single smartcard. It is hence possible for the 
paid-up subscriber to provide an access to audiovisual 
information dedicated to the paid-up subscriber to one 
or more unauthorized users that do not possess any 
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smartcard. 

[0054] There is a need for a method allowing to dis- 
courage a use of a server in a splitter configuration. 
However, a regular paid-up subscriber possessing a de- 
coder that communicates directly with a smartcard 5 
should not encounter problems. 
[0055] A first method may consist in implementing a 
slowing software into smartcards, wherein the slowing 
software allows to slow down a processing of each 
smartcard. The smartcards may hence not be able to 
decrypt more than one control word during a cryptope- 
riod, e.g. 10 seconds. 

[0056] A second method may consist in emitting En- 
titlement Control Messages at shorter cryptoperiods, e. 
g. every 3 seconds. 

[0057] Both the first method and the second method 
allow to restrict processing to a single ECM per cryp- 
toperiod. As a consequence the server will generally fail 
to synchronize communications between a plurality of 
decoders and a single smartcard. Only a single decoder 
may function correctly with the single smartcard. 
[0058] However, if a regular paid-up subscriber pos- 
sessing a single decoder zaps from one channel to an 
other channel at a relatively high zapping rate, the 
smartcard may also fail to decrypt a plurality of received 
ECM per cryptoperiod. The regular paid-up subscriber 
may hence be prevented from zapping between various 
offered audiovisual information. Typically, a screen of 
the regular paid-up subscriber may turn blank at a zap- 
ping action even if the subscriber is a regular paid-up 
subscriber. 

Overview of the invention 

[0059] FIG. 3 illustrates an example of a portable se- 
curity module according to the present invention. A port- 
able security module 31, e.g. a smartcard, is intended 
to be used with a decoding element (not represented), 
e.g. a decoder. The portable security module and the 
decoding element allow to descramble scrambled audi- 
ovisual information . The portable security module 31 re- 
ceives a plurality of messages, e.g. Entitlement Control 
Messages. The portable security module allows to proc- 
ess each received Entitlement Control Message EC- 
M r>+1 so as to extract a Control Word CW n+1 to be sent 
to the decoder. 

[0060] Similar to the portable security module from 
prior art, the smartcard 31 according to the present in- 
vention may comprise a processing unit 32 that only 
processes the Entitlement Control Messages or other 
messages received at the portable security module. The 
portable security module 31 may comprise a parame- 
ters memory, e.g. an EEPROM 33, into which parame- 
ters are stored. The processing unit 32 may check that 
the parameters stored into the EEPROM 33 are correct. 
[0061 ] The portable security module 31 of the present 
invention comprises analyzing means 35 to analyze a 
sequence of command messages (CM^, CM n ). The 
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command messages of the sequence (CM rvf1 , CM^ are 
received at the portable security module 31 at distinct 
times. 

[0062] Typically, the analyzing is performed each time 
that a new command message CM n+1 is received. The 
sequence of command messages comprises the new 
command message CM n+1 and a previous command 
message CM n that may for example be received imme- 
diately before the new command message CM^. The 
sequence of command messages may further comprise 
at least one further command message. 
[0063] The analyzing may comprise comparing a de- 
termined content of the command messages of the se- 
quence of command messages (CM^, CMJ. An error 
register 37 may be Incremented upon a determined re- 
sult of the comparing. 

[0064] The smartcard of the present invention hence 
allows to extract information, e.g. a value of the error 
register 37, the extracted information being relative to 
command messages that are received before the new 
command message CM n+1 . A penalty may be applied 
to the smartcard 31 depending on a value of the error 
register 37. Such a method according to the present in- 
vention allows, unlike the first method and the second 
method, to avoid to harm a regular paid-up subscriber 
possessing a single decoder that zaps from a channel 
to an other at a relatively high zapping rate. 
[0065] The smartcard 31 may further comprise a com- 
mand message memory 36 into which at least one com- 
mand message among the sequentially received mes- 
sages may be stored, The command message memory 
36 may be distinct from a central processing unit 34 that 
comprises the processing unit 32 and the analyzing 
means 35. 

[0066] Alternatively, the command message memory 
may be for example a part of the analyzing means : typ- 
ically, the command message memory may be a single 
register of the analyzing means or of any other process- 
ing means. 

[0067] The analyzing means 35 may be an hardware 
device distinct from the processing unit 32, as repre- 
sented on FIG. 3. Preferably, the analyzing means are 
an analyzing software that is implemented into the 
smartcard. The central processing unit comprises a 
processing software and an analyzing software. 
[0068] FIG. 4 illustrates an example of an algorithm 
to be executed by a smartcard according to the present 
invention. The smartcard receives a message. The re- 
ceived message may be a command message, e.g. an 
ECM, an EMM, or any other determined message. 
When a new command message CM^ is received (box 
401 ), an analyzing of a sequence of command messag- 
es is performed. Typically, the new command message 
CM n+1 is compared to a previous command message 
CM n received at an earlier time (box 402). The compar- 
ing of the new command message CM n+1 to the previ- 
ous command message CM n may consists in comparing 
a determined portion of each command message (CM n , 
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CM^), e.g. an identifier. The comparing may also con- 
sist in comparing an extracted information of each com- 
mand message (CM n , CM wl ), e.g. a control word de- 
crypted by the smartcard. 

[0069] An error register error_reg may be increment- s 
ed according to a resutt of the comparing (box 403). The 
algorithm further comprises introducing a dead time x at 
each processing of the Entitlement Control Messages 
received at the smartcard (box 404). Such a dead time 
penalty allows to slow down the smartcard. In the meth- 
od of the present invention, the dead time t has a dura- 
tion that depends on a value of the error register 
error_reg. Typically, a duration of the dead time x in- 
creases with the value of the error register error_reg. 
[0070] In a case of a splitter configuration, the smart- 
card receives more than one ECM percryptoperiod. The 
smartcard processes each received ECM so as to allow 
a descrambling of the scrambled audiovisual informa- 
tion. However, if the analyzing detects a problem at each 
cryptoperiod, e.g. every 10 seconds, the error register 
error_reg may have a relatively high value. The dead 
time x hence has a relatively high duration, which may 
prevent the smartcard from processing more than one 
ECM at each cryptoperiod, thus disrupting a descram- 
bling of a plurality of broadcasted audiovisual programs 
with a single smartcard. 

[0071] In a case of a regular paid-up subscriber pos- 
sessing a regular decoding system, the regular paid-up 
subscriber may generate, when zapping from a channel 
to another, a few increments of the error register 
error_reg. As a consequence, the dead time x is intro- 
duced as a penalty, but the dead time x has a relatively 
smail duration. Such a short dead time allows the smart- 
card to process a single regular ECM from a single de- 
coder during a cryptoperiod. The method according to 
the present invention only disrupts the descrambling 
with a no n -authorized configuration, e.g. the splitter 
configuration. 

[0072] The value of the dead time x may be stored in 
a RAM memory, if, In the case of the non-authorized 
configuration, the descrambling is disrupted, an unau- 
thorized user may reset the smartcard, so as to reset 
the value of the dead time x and allow an usual descram- 
bling. The algorithm may hence comprise that the value 
of the dead time x is incremented by a reset dead time 
x_reset (box 406) upon a reset of the smartcard (box 
405). The reset dead time x_reset may have a duration 
that depends on a number of ECM received at the smart- 
card following the reset. At a first processing that imme- 
diately follows the reset, the duration of the reset dead 
time x _reset may be equal to a first reset time value that 
is relatively high. The unauthorized user that resets the 
smartcard thus fails to obtain the regular descrambling. 
[0073] In addition to the slowing down of the smart- 
card, the applying a penalty may comprise a blocking of 
the smartcard. As the smartcard analyses previous 
command messages, it is possible to adapt the penalty 
from the introduction of a relatively small dead time to 
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the blocking of the card. 

[0074] Furthermore, a hacker may attack the smart- 
card with a high number of attack messages so as to 
extract essential parameters. In prior art, the smartcard 
fails to provide the analysis of the sequence of com- 
mand messages. By providing an analysis of the se- 
quence of command messages that are received at pre- 
vious times, the method of the present invention allows 
to detect such an attack. The attack messages may in- 
deed be relatively similar and the error register error_reg 
may have a relatively high value if an adequate analysis 
is performed. The penalties applied to the smartcard, e. 
g. the introducing of the dead time x or the blocking of 
the smartcard, may stow down or stop the attack. 

Analysis of a sequence of ECMs 

[0075] FIG. 5A and FIG. 5B illustrate an example of a 
sequence of command messages received by a porta- 
ble security module according to the present invention. 
The illustrated sequence comprises two successive En- 
titlement Control Messages. The sequence of command 
messages of FIG. 5A is received by a portable security 
module, e.g. a smartcard, being used In a regular con- 
figuration. The sequence of command messages of 
FIG. 5B is received by a smartcard being used in a split- 
ter configuration, or by a smartcard being used in a reg- 
ular configuration If a regular paid-up subscriber zaps 
from a determined channel / to a second channel / sub- 
stantially after the receiving of a previous Entitlement 
Control Message ECM n . 

[0076] The Entitlement Control Messages (54 n , 
54^) of both FIG. 5A and FIG. 5B comprise a first en- 
crypted control word (52 n , 52^). The smartcard allows 
to decrypt the first encrypted control word (52 n , 52^). 
The first Control Word CWJ1] extracted from the previ- 
ous Entitlement Control Message ECM n allows a de- 
scrambling of scrambled audiovisual information of the 
determined channel / during a first cryptoperiod. 
[0077] In a first embodiment of the present invention, 
the Entitlement Control Messages (54 n , 54 n+1 ) further 
comprise a second encrypted control word (53 n , 53^). 
The smartcard allows to decrypt the second encrypted 
control word (53 n , 53^). The second Control WordCW, 
[2] extracted from the previous Entitlement Control Mes- 
sage ECM n allows a descrambling of scrambled audio- 
visual Information of the determined channel / during a 
second cryptoperiod distinct from the first cryptoperiod. 
The second cryptoperiod may immediately follow the 
first cryptoperiod. 

[0078] In the case of the regular configuration, as il- 
lustrated in FIG. 5A, if the regular paid-up subscriber 
watches only programs of the determined channel, the 
second Control Word CW,[2] extracted from the previ- 
ous Entitlement Control Message ECM n is similar to a 
first Control Word CWj[2] of the new Entitlement Control 
Message ECM^. 

[0079] In the case of a zapping substantially between 
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the receiving of the previous Entitlement Control Mes- 
sage ECM n and the receiving of a further Entitlement 
Control Message ECM' n+1 , as illustrated in FIG. 5B, the 
smartcard receives as a further Entitlement Control 
Message an Entitlement Control Message ECM'^ that s 
is associated to the second channel /that is distinct from 
the determined channel /. The second Control Word 
CW([2] extracted from the previous Entitlement Control 
Message ECM n is hence different from to the first Con- 
trol Word CW|[1] of the new Entitlement Control Mes- 10 
sage ECM' n+1 . 

[0080] In the case of a splitter configuration, as illus- 
trated in FIG. 5B, the smartcard receives Entitlement 
Control Messages from a plurality of decoders, each de- 
coder allowing to descramble a flow of scrambled audi- * 5 
ovisual information of a corresponding channel. If for ex- 
ample the splitter allows the smartcard to communicate 
with two decoders, the two corresponding channels are 
likely to be distinct as distinct users may not always 
watch same TV programs. 20 
[0081] If the corresponding channels are distinct, the 
Control Words allowing to descramble scrambled audi- 
ovisual information from each corresponding channel 
are distinct. Therefore the second Control Word CW,{2] 
extracted from the previous Entitlement Control Mes- 25 
sage ECM n is hence different from to the first Control 
Word CWj[1] of the new Entitlement Control Message 
ECM' n+1 . 

[0082] In the first embodiment, an analyzing of the se- 
quence of command messages consists for example in 30 
comparing the second Control Word extracted from the 
previous Entitlement Control Message to the first Con- 
trol Word of the new Entitlement Control Message. Such 
analysis may be performed at each receiving of a new 
Entitlement Control Message, or periodically. 35 
[0083] The previous Entitlement Control Message to 
which the new Entitlement Control Message is com- 
pared may be received immediately before the new En- 
titlement Control Message. Alternatively, in particular in 
a case of a double streaming, the previous Entitlement *o 
Control Message may be chosen according to a prede- 
termined order. 

[0084] In a second embodiment of the present inven- 
tion that is also illustrated in FIG. 5A and 5B, the re- 
ceived Entitlement Control Messages (54 n , 54 n+1 ) com- *s 
prise a channel identifier (51 n , 51 n4l ). The channel iden- 
tifier 51 n of the previous Entitlement Control Message 
54 n is associated to the determined channel that the first 
control word CWj[1 ] allows to descramble. 
[0085] In the case of the regular configuration, as il- so 
lustrated in FIG. 5A, if the regular paid-up subscriber 
does not zap substantially between the receiving of the 
previous Entitlement Control Message ECM n and the 
receiving of a new Entitlement Control Message EC- 
M n+1 , the scrambled audiovisual information from the 55 
determined channel only is descrambled. The channel 
identifier 51 n of the previous Entitlement Control Mes- 
sage ECM n is hence similar to the channel Identifier 
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51^ of the new Entitlement Control Message ECM^. 
[0086] In the case of a zapping substantially between 
the receiving of the previous Entitlement Control Mes- 
sage ECM n and the receiving of a further Entitlement 
Control Message ECM'^, as illustrated in FIG. 5B, the 
smartcard receives as a further Entitlement Control 
Message an Entitlement Control Message ECM'^ that 
is associated to the second channel /that is distinctfrom 
the determined channel /. The channel Identifier 51 n of 
the previous Entitlement Control Message ECM n is 
hence different from the channel identifier 51 n+1 of the 
new Entitlement Control Message ECM' n+1 . 
[0087] In the case of a splitter configuration, also il- 
lustrated In FIG. 5B, the smartcard probably receives 
Entitlement Control Messages associated to at least two 
distinct channels, as explained in an above paragraph. 
The channel identifier 51 n of the previous Entitlement 
Control Message ECM n is thus different from the chan- 
nel identifier 51 ^ of the new Entitlement Control Mes- 
sage ECM'^. 

[0088] In the second embodiment, an analyzing of the 
sequence of command messages consists for example 
in comparing the channel Identifier of the previous En- 
titlement Control Message to the channel Identifier of the 
new Entitlement Control Message. Such analysis may 
be performed at each receiving of a new ECM, or peri- 
odically. The previous Entitlement Control Message to 
which the new Entitlement Control Message Is com- 
pared may be received immediately before the new En- 
titlement Control Message. 

[0089] In a case of a double stream, the second em- 
bodiment allows to detect no change of channel identi- 
fier in the regular configuration and at least one change 
of channel identifier in the splitter configuration. In this 
latter configuration, during a cryptoperiod, the smart- 
card receives at least: 

a first ECM A associated to a first decoder and to a 
first stream; 

a second ECM A 1 associated to the first decoder and 
to a second stream; 

a third ECM B associated to a second decoder and 
to the first stream; 

a fourth ECM B' associated to the second decoder 
and to the second stream. 

[0090] The first ECM, the second ECM, the third ECM 
and the fourth ECM may be received in the following 
order: A, A', B, B\ The analyzing detects at least one 
change of channel identifier. The analyzing detects at 
least three changes of channel identifier if the ECM, the 
second ECM, the third ECM and the fourth ECM are re- 
ceived in the following order: A, B, A', B\ 
[0091] In the case the double streaming in the regular 
configuration without zapping, only the first ECM A and 
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the second ECM A' are received and no change of chan- 
nel identifier is detected. In this latter case, a method 
according to the first embodiment of the present Inven- 
tion detects a change between the second Control Word 
of the previous Entitlement Control Message and the 5 
first Control Word of the new Entitlement Control Mes- 
sage. It is necessary to take into consideration the dou- 
ble streaming in the analyzing: the previous Entitlement 
Control Message is chosen according to a predeter- 
mined order. The second embodiment allows to avoid 
such a precaution. 

[0092] However, if a hacker attacks the smartcard 
with a high number of attack Entitlement Control Mes- 
sages that are relatively similar, the method according 
to the first embodiment allows to detect a high number 
of changes between the second Control Word of the pre- 
vious Entitlement Control Message and the first Control 
Word of the new Entitlement Control Message. The 
method of the second embodiment may detect no 
change in the channel identifiers. 
[0093] As illustrated in FIG. 5A and FIG. 5B, the re- 
ceived Entitlement Control Messages may comprise 
both the channel identifier (51 n , 51 ^) and the second 
encrypted Control Word (53 n , 53 n+1 ). The comparing of 
the first embodiment and the comparing of the second 
embodiment may both be performed as an analyzing of 
the sequence of command messages. 
[0094] The analyzing may be performed on any other 
messages received at the smartcard, e.g. EMMs or re- 
set messages. The analyzing may consist in comparing 
a determined content, e.g. a channel identifier, or an ex- 
tracted information, e.g. a Control Word, of two com- 
mand messages. If the compared determined contents/ 
extracted information are different, an error register may 
be incremented. A penalty may be applied depending 
on a value of the error register. The applying a penalty 
typically comprises introducing a dead time at each 
processing of an Entitlement Control Message. 

Dead times management 

[0095] FIG. 6A illustrates a possible sequence of val- 
ues of an error register in a portable security module 
according to the present invention. 
[0096] FIG. 6B illustrates a possible sequence of val- 
ues of a duration of a dead time in a portable security 
module according to the present Invention. The dead 
time sequence of FIG. 6B corresponds to the error reg- 
ister sequence of FIG. 6A. 

[0097] Both sequences are plotted as a function of a 
number of Entitlement Control Messages received after 
a reset. 

[0098] The illustrated sequences may be observed in 
a splitter configuration, or in a high zapping behavior of 
a regular paid-up subscriber. An analyzing of the re- 
ceived Entitlement Control Messages allows to detect 
differences in compared determined contents/extracted 
information of the sequentially received Entitlement 
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Control Messages. During a first phase 61 following the 
reset, the error register is hence regularly Incremented, 
e.g. at each receiving of one Entitlement Control Mes- 
sage. 

[0099] In the example illustrated in FIG. 6A and FIG. 
6B, the dead time has a duration equal to zero if the 
value of the error register is smaller than a minimum 
threshold value C_min_thr, so as to avoid to harm the 
regular paid-up subscriber that zaps from one channel 
to an other channel. 

[01 00] During a second phase 62, the value of the er- 
ror register becomes equal to the minimum threshold 
Cjninjhr; the duration of the dead time is hence non 
null and increases with the value of the error register. 
However, the duration of the dead time remains smaller 
than a maximum time value x_max corresponding to a 
maximum threshold value C_max Jhr of the error regis- 
ter. The maximum time value tjnax is high enough to 
prevent the smartcard from processing more than one 
Entitlement Control Message during a single cryptope- 
riod. In a case of a double streaming, wherein a given 
decoder sends a given number of Entitlement Control 
Messages at each cryptoperiod, the maximum time val- 
ue x_max has a value that is high enough to prevent the 
processing of the given number of Entitlement Control 
Messages from a plurality of decoders. Typically, the 
smartcard may process only one given number of Enti- 
tlement Control Messages per cryptoperiod. 
[0101] If the dead time has a duration that is substan- 
tially equal to the maximum time value, the smartcard 
fails to allow the descrambiing of a plurality of scrambled 
audiovisual information from a plurality of decoders. At 
least one unauthorized user, or a paid-up subscriber that 
shares its smartcard with the unauthorized user(s), may 
see a screen turn blank. 

[0102] A regular paid-up subscriber that zaps a lot 
from a channel to an other channel may generate an 
increase of the dead time and may see the screen turn 
blank during one cryptoperiod after an additional zap- 
ping. The regular paid-up subscriber may attribute the 
blank screen to a broadcast problem and may try to 
watch another channel, thus increasing the value of the 
error register. In the example illustrated in FIG. 6A, the 
value of the error register may always be below a max- 
imum value C_max, so as to avoid over-punishing the 
smartcard. However, parameters such a the maximum 
time value i_max. the minimum threshold value 
C_min Jhr etc. may be judicially chosen so as to avoid 
the regular paid-up subscribers to see the screens turn 
blank. 

[0103] The error register may go on increasing during 
a third phase 63 even if the duration of the dead time is 
equal to the maximum time value t_max, particularly in 
the case of the splitter configuration. 
[0104] The error register may be based on a circular 
principle: early increments that are generated by old En- 
titlement Control Messages are erased. For example, a 
circular register having a determined size may be used 
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to evaluate the error register. Each time the analyzing 
is performed, binary values of the circular register are 
left shifted. The binary value at a former location at a left 
end of the circular register is hence erased. A new binary 
value that depends on a result of the analyzing is written 5 
at a now empty location at a right end of the circular 
register. Typically, a '1 ' may be written if a difference be- 
tween compared determined contents/extracted infor- 
mation of the analyzed Entitlement Control Messages 
is detected, and a '0' may be written if not. 
[01 05] The error register may have a value that equals 
a sum of the binary values of the circular register. The 
value of the error register is hence always smaller or 
equal to a maximum that corresponds to the size of the 
circular register : if equal, all the locations of the circular 
register are filled with T. The maximum may be the 
maximum value C_max represented In FIG. 6A. 
[0106] The vaiue of the error register may also de- 
crease if differences between the compared determined 
contents/extracted information of the analyzed Entitle- 
ment Control Messages are no longer detected, as rep- 
resented in FIG. 6A. The decreasing may be due to var- 
ious reasons, in the case of a splitter configuration, the 
unauthorized users may turn their decoders off. The reg- 
ular paid-up subscriber may no longer zap etc. 
[01 07] Alternatively, the error register may be a single 
integer that is incremented or decremented depending 
on a result of the analyzing of the sequence of command 
messages. 

[0108] As long as the value of the error register is 
higher than a decrease threshold, e.g. the maximum 
threshold value C_max_thr, the duration of the dead 
time remains equal to the maximum time value xjnax. 
[0109] When, at a fourth phase 64, the value of error 
register becomes smaller than the maximum threshold 
value Cjnaxjhr, the duration of the dead time begins 
decreasing. 

[0110] In the case of the splitter configuration, if the 
unauthorized user keeps his decoder on at the third 
phase 63, the duration of the dead time remains at the 
maximum time vaiue ?_max. If the unauthorized user 
turns his decoder on at the fourth phase 64, the error 
register starts to increase again (not represented se- 
quence). 

[0111] The unauthorized user may also reset the 
smartcard at the third phase so as to reset the value of 
the duration of the dead time. The value of the duration 
of the dead time and the value of the error register may 
indeed be stored in a volatile memory that is erased up- 
on a reset. 

[0112] FIG. 6C illustrates an example of a sequence 
of values of a duration of a dead time of a portable se- 
curity module according to the present invention. The 
sequence is plotted as a function of a number of Enti- 
tlement Control Messages received after a reset. Unlike 
the example sequence illustrated in FIG. 6B, the exam- 
ple sequence of FIG. 6C has a non-null value immedi- 
ately after the reset. A reset dead time may be intro- 
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duced at each processing of one Entitlement Control 
Message after the reset. The reset dead time has a du- 
ration that depends on a number of Entitlement Control 
Messages received at the smartcard after the reset. The 
duration of the reset dead time is equal to a first reset 
time value T_reset_max at a first processing that imme- 
diately follows the reset and decreases with the number 
of received Entitlement Control Messages. 
[01 13] The introducing of the reset dead time and the 
introducing of the dead time may be implemented in a 
single software program : a total dead time may be 
equal to a sum of the reset dead time that may be read 
in an EEPROM and of the dead time that is evaluated 
from a circular register stored in a volatile memory. 
[0114] The smartcard processing Is hence slowed 
down by the reset dead time upon a reset. 
[01 1 5] The first reset time value i_reset_max is pref- 
erably smaller than a maximum time value t_max of the 
dead time, so as to avoid harming a regular paid-up sub- 
scriber after a regular reset, e.g. a reset due to a power 
cut. 

[0116] As the first reset time value x_reset_max is 
smaller than the maximum time value T_max, an unau- 
thorized user may try to reset the smartcard every time 
the descrambling of the scrambled audiovisual informa- 
tion fails to function correctly. A hacker may even gen- 
erate a reset of the smartcard at each cryptoperiod or 
so, in order to allow a correct descrambling or for an 
attack purpose. 

Smartcard blocking 

[0117] FIG. 7 illustrates an example of an algorithm 
to be implemented in a portable security module accord- 
ing to the present invention. The algorithm of FIG. 7 al- 
lows to evaluate a nature of a further reset according to 
an intermediate group of intermediate command mes- 
sages. The intermediate group comprises a sequence 
of command messages, e.g. Entitlement Control Mes- 
sages, received after a previous reset preceding the fur- 
ther reset. 

[0118] When a message is received at the smartcard, 
the smartcard tests whether the message is an ECM or 
not (box 71). If the message is an ECM, the smartcard 
processes the Entitlement Control Message, e.g. the 
smartcard decrypts an encrypted control word com- 
prised within the Entitlement Control Message. A 
number of intermediate command messages is counted 
by incrementing a count register nb_ECM after each 
processing (box 72). 

[0119] The number of intermediate command mes- 
sages is compared to a reset threshold number 
nb_ECM_min (box 73). A result of the comparing allows 
to evaluate the nature of the further reset : if the count 
register nb_ECM equals the reset threshold number 
nb_ECM_min, a flag that has a NOK value, e.g. '0\ after 
each reset (box 75) is set to an OK value, e.g. '1' (box 
74). 
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[01 20] If the count register nb_ECM is higher than the 
reset threshold number nb_ECM_min, the flag already 
has an OK value. If the count register nb_ECM Is smaller 
than the reset threshold number nb_ECM_min, the flag 
has a NOK value. The value of the flag hence indicates 5 
whether the number of intermediate command messag- 
es is higher than the reset threshold number 
nb_ECM_min or not. The value of the flag is stored in a 
non-volatile memory. When the further reset occurs (box 
76), the value of the flag is read and is compared to the 
NOK value (box 77). 

[0121] If the value of the flag is OK, i.e. if the smart- 
card has received more than the reset threshold number 
nb_ECM_min of Entitlement Control Messages since 
the previous reset, the further reset is evaluated as reg- 
ular. The flag is reset to the NOK value again (box 75) 
and the smartcard waits for a new message (box 78). 
Each new ECM is processed (box 72) and the flag keeps 
the NOK value until a reset threshold number 
nb_ECM_min of Entitlement Control Messages is re- 
ceived and processed, as described in a previous par- 
agraph. 

[0122] If the value of the flag is NOK, i.e. the number 
of intermediate command messages is smaller than the 
reset threshold number nb_ECM_mln since the previ- 
ous reset, the further reset is evaluated as suspicious. 
A reset error register nb_reset_off is incremented (box 
79) and its value is compared to a reset errors threshold 
reset_max (box 710), 

[0123] If the value of the reset error register 
nb_reset_off equals the reset errors threshold 
resetjnax, the smartcard is blocked (box 711). If the 
value of the reset error register nb_reset_off is smaller 
than the reset errors threshold resetjnax, the smart- 
card waits for a message (box 78) and further counts 
intermediate command messages. The value of the re- 
set error register nb_reset_off may not be higher than 
the reset errors threshold resetjmax, since the smart- 
card is blocked when the value of the reset error register 
nb_reset_off equals the reset errors threshold 
reset_max. 

[0124] Such algorithm allows to penalize an unauthor- 
ized user that resets the smartcard each time the scram- 
bled audiovisual information is incorrectly descrambled, 
or that automatically resets the smartcard after a small 
number of cryptoperiods. 

[0125] The algorithm also allows to block a smartcard 
that receives attacks commands with a reset between 
them. 

[0126] Parameters such as the reset errors threshold 
reseLmax, the reset threshold number nb_ECM_min 
etc. may have adequate values that are adapted to pos- 
sible behaviors of a regular paid-up subscriber, of an 
unauthorized user and of a hacker. 
[0127] Any other algorithm for managing penalties 
may be applied on the smartcard: for example, the 
smartcard may be blocked when the value of the error 
register reaches a limit value, the limit value being high- 



er than the maximum threshold value C_maxjhr. 
[0128] The analyzing of the sequence of command 
messages may preferably consist in comparing a new 
Entitlement Control Message to a previous Entitlement 
Control Message. Alternatively, EMMs, reset messag- 
es, or any other message received at the smartcard may 
be analyzed. The analyzing of the sequence of com- 
mand messages may also consists in counting a 
number of intermediate command messages between 
two resets so as to evaluate a nature of a previous reset. 
[0129] The analyzing may preferably be a combina- 
tion of the described above analyses : for example, each 
new Entitlement Control Message is compared to a pre- 
vious Entitlement Control Message and a number of En- 
titlement Control Messages between two resets is 
counted, so as to reinforce a securing of the smartcard. 
An other example of a combination of the described 
above analyses consists in comparing each new ECM 
to a previous ECM, each new EMM to a previous EMM, 
and each new other command message to a previous 
other command message. Both the ECMs, the EMMs 
and the other command messages may be counted to 
evaluate resets. Preferably three distinct counting 
means are Implemented, so as to provide a complete 
understanding of a behavior of a user and hence apply 
an adequate penalty. 

[0130] Preferably the penalty that is applied on the 
smartcard allows to disrupt the processing of the ECMs. 
The penalty may also allow to disrupt an EMM process- 
ing, a receiving of messages at the smartcard, or any 
other action of the smartcard. 

[0131] A software that allows to implement the meth- 
od according to the present invention is also comprised 
within the scope of the present invention. 
[0132] The software may be downloaded at a manu- 
facturing of the portable security module. Alternatively, 
at least one configuration message is received at the 
portable security module when already in use by a sub- 
scriber, thus allowing to download the software. Both 
methods are comprised within the scope of the present 
invention. 

[0133] While the invention has been described with 
respect to a limited number of embodiments, those 
skilled in the art, having benefit of this disclosure, will 
appreciate that other embodiments can be devised 
which do not depart from the scope of the invention as 
disclosed herein. Accordingly, the scope of the invention 
should be limited only by the attached claims. 



Claims 

1 . A method for securing a portable security module 
for use with a decoding element, the portable secu- 
rity module and the decoding element allowing to 
descramble scrambled audiovisual information, the 
method comprising : 
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analyzing at the portable security module a se- 
quence of command messages (402), the com- 
mand messages of the sequence being re- 
ceived at the portable security module at dis- 
tinct times. 

2. The method according to claim 1 , wherein : 

the analyzing (402) is performed at each receiv- 
ing of a new command message; 
the sequence of command messages compris- 
es the new command message and a previous 
command message received at a previous 
time. 

3. The method according to claim 2, further compris- 
ing: 

incrementing at each analyzing an error regis- 
ter upon a determined result of the analyzing 

(403) ; 

applying a penalty to the portable security mod- 
ule depending on a value of the error register 

(404) . 

4. The method according to claim 3, wherein 

the portable security module processes Entitlement 
Control Messages received at the portable security 
module to allow the descrambling of the scrambled 
audiovisual Information; 

applying a penalty comprises introducing a dead 
time at each processing so as to slow down the 
processing (404). 

5. The method according to claim 4, wherein : 

the dead time has a duration that depends on a val- 
ue of the error register (404). 

6. The method according to any one of claims 4 or 5, 
wherein 

the duration of the dead time is shorter than a max- 
imum time value; 

the maximum time value is high enough to prevent 
the portable security module (31) from processing 
more than one Entitlement Control Message during 
a single cryptoperiod, 

7. The method according to any one of claims 2 to 6, 
wherein : 



each command message (54 n , 54 n+1 ) compris- 
es a channel identifier (51 n , 51 n+1 ), the channel 
identifier being associated to a determined 
channel; 

the analyzing of the sequence of command 
messages comprises comparing the channel 
identifier 51 n+1 of the new command message 
54^ and the channel identifier 51 n of the pre- 
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vious command message 54 n . 

8. The method according to any one of claims 2 to 6, 
wherein : 

each command message (54 n , 54^) compris- 
es a first encrypted Control Word (52 n , 52 n+1 ) 
and a second encrypted Control Word (53 n , 

the first Control Word allows to descramble the 
scrambled audiovisual information during a first 
cryptoperiod; 

the second Control Word allows to descramble 
the scrambled audiovisual information during a 
second cryptoperiod distinct from the first cryp- 
toperiod; 

the analyzing of the sequence of command 
messages comprises comparing a second 
Control Word 53 n of the previous command 
Message 54 n to a first Control Word 52 n of the 
new command Message 54^. 

9. The method according to any one of claims 1 to 6, 
wherein : 

the analyzing of the sequence of command 
messages comprises comparing a determined 
content of a first command message of the se- 
quence of command messages to a second de- 
termined content of a second command mes- 
sage of the sequence of command messages. 

10. The method according to any one of claims 4 to 9, 
further comprising : 

introducing upon a reset a reset dead time at 
each processing of the Entitlement Control 
Messages, wherein: 

the reset dead time has a duration that depends 
on a number of Entitlement Control Messages 
received at the portable security module after 
the reset, the duration being equal to a first re- 
set time value at a first processing immediately 
following the reset; 

the first reset time value is smaller than the 
maximum time value. 

11. The method according to any one of claims 1 to 10, 
further comprising : 

evaluating a nature of a further reset according 
to an intermediate group of intermediate com- 
mand messages, the intermediate group com- 
prising the command messages received after 
a previous reset preceding the further reset. 

12. The method according to claim 11, further 
comprising : 
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counting a number of the intermediate com- 
mand messages (72); 

comparing the number of the Intermediate com- 
mand messages to a reset threshold number 
(73), wherein a result of the comparing allows 
to evaluate the nature of the further reset; 
incrementing upon the further reset a reset er- 
ror register (79) if the further reset is evaluated 
as suspicious; 

blocking the portable security module (711) if 
the reset error register has a value that is higher 
than a reset errors threshold. 

13. A portable security module (31) for use with a de- 
coding element, wherein the portable security mod- 
ule and the decoding element allow to descramble 
scrambled audiovisual Information, the portable se- 
curity module comprising: 

receiving means to receive messages; 
analyzing means (35) to analyze a sequence of 
command messages, the command messages 
of the sequence being received at the portable 
security module at distinct times. 

14. The portable security module (31) according to 
claim 13, further comprising : 

a command message memory (36) into which 
a previous command message (ECM n ) re- 
ceived at a previous time may be stored; and 
wherein : 

the analyzing is performed at each receiving of 
a new command message (ECM n+1 ); 
the sequence of command messages compris- 
es the new command message and the previ- 
ous command message. 

15. The portable security module (31) according to 
claim 14, further comprising: 

comparing means to compare the new com- 
mand message and the previous command 
message of the sequence of command mes- 
sages; 

an error register (37); 

incrementing means to increment the error reg- 
ister depending on a result of the comparing; 
processing means (32) to process an Entitle- 
ment Control Message received at the portable 
security module so as to allow the descram- 
bling of the scrambled audiovisual information; 
delaying means to introduce a dead time at 
each processing so as to slow down the 
processing. 

16. The portable security module (31) according to 
claim 15, wherein : 
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the delaying means also allow upon a reset to 
introduce a reset dead time at each processing 
following the reset; 

the reset dead time has a duration that depends 
on a number of processing following the reset, 
the duration being equal to a first reset time val- 
ue at a first processing immediately following 
the reset. 

17. The portable security module (31 ) according to any 
one of claims 13 to 16, further comprising : 

a count register allowing to store a number of 
intermediate command messages, the inter- 
mediate command messages being received at 
the portable security module after a previous 
reset; 

a flag, the flag having a value that depends on 
a result of a comparing of the count register to 
a reset threshold number, 
a reset error register that is incremented de- 
pending on the value of the flag upon a further 
reset; 

blocking means to block the portable security 
module according to a value of the reset error 
register. 

18. A method for securing a portable security module 
comprising downloading a software that allows to 
implement a method according to any one of claims 
1 to 12, wherein the downloading comprises receiv- 
ing at the portable security module at least one con- 
figuration message from the decoding element. 
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